CloudFlare insists on encryption

Last week for CloudFlare was held under the motto of strengthen cryptographic connections to its global CDN-network. The company has opened to customers free access to innovations such as the TLS 1.3 protocol, Automatic HTTPS Rewrites (auto-redirect from HTTP to HTTPS) function and opportunistic encryption.

cloudf

Currently, CloudFlare services are used by the owners of more than 2 million sites and services. CDN-largest provider argued for a strong and affordable cryptographic. Is enough to recall such CloudFlare initiatives as Universal SSL, introduction of the keyless SSL and advanced combination of ciphers ChaCha20-Poly1305.

TLS 1.3 – the latest version of the protocol used by the HTTPS-services for encrypting and authenticating connections. CloudFlare experts who participated in the development of TLS 1.3, argue that its implementation can improve not only the reliability of protection, but also the speed of loading pages, especially in mobile networks. TLS 1.3 helps reduce the number of messages required to establish a connection, and with the adoption of this standard each browser message will be passed on CloudFlare server in just 50 ms.

As a result, the “slow” sites, which are usually loaded longer than 300 ms, will have a noticeable acceleration. According to CloudFlare, TLS 1.3 support is already implemented in Firefox and Chrome releases to developers.

Running Automatic HTTPS Rewrites designed to facilitate secure transfer to the full HTTPS for client sites that use the so-called mixed content. Modern browsers are trying to protect the user from unsafe HTTP-scripts and images, blocking the download of the first and warning of insecurity of last, for this reason, such sites often do not work.

Currently, the resources available for HTTP, are displayed to the user as “neutral”, so HTTPS-sites with mixed content operators prefer to use HTTP, rather than a partial HTTPS. However, this order is about to change: Google has announced that from next year Chrome will respond to HTTP-sites as unreliable. Mozilla is also working on the translation of its browser to HTTPS-only.

Enabling Automatic HTTPS Rewrites on the site, as explained by Nick Sullivan on CloudFlare’s blog will allow to change the HTTP to HTTPS for all third-party resources, and dynamically generated content, in principle, available for HTTPS, even if the source code of the page dictates downloads over HTTP. The new feature will even be able to rewrite the link http: // as the https: //, where possible.

To perform a painless upgrade, CloudFlare armed with a list of HTTPS Everywhere EFF and information about support HSTS, which operates Chrome. Soon the company also will get their own list of domains that are enabled HTTPS.

Posted in How to install SSL Certificate, Validation, What is an SSL-Certificate Tagged with: , , , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.